
SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

INTERNET STORM CENTER TECH CORNER

Ready to try something new in Privileged Access Management? Remediant brings insight and control over privileged access without agents or password vaults. Enforces 2FA for admin accounts and integrates with SIEMs for log correlation. Visit us at Black Hat booth #IC17, or email blackhat@remediant.com to set up a demo! http://www.sans.org/info/195765

TOP OF THE NEWS

Ukraine Was Russia's Test-Lab For CyberWar
The quintessential cyberwar scenario has come to life in the Ukraine. Twice. On separate occasions, invisible saboteurs turned off the electricity to hundreds of thousands of people. The blackouts were part of a digital blitzkrieg that has pummeled Ukraine for the past three years, a sustained cyberassault.
Read more in:
Wired: How an Entire Nation Became Russia's Test Lab for Cyberwar https://www.wired.com/story/russian-hackers-attack-ukraine/

THE REST OF THE WEEK'S NEWS

UK Universities Recover from Ransomware Infection
(June 19, 2017)

Both University College London (UCL) and Ulster University say their computer systems have been restored in the wake of ransomware infections. Last week, both institutions reported that they had to take their systems offline after machines became infected with ransomware. UCL's response team blocked access to shared and network drives once it learned of the infection, but access has now been restored.
Read more in:
ZDNet: Ransomware attacks: Universities back online after 'zero-day' infections http://www.zdnet.com/article/ransomware-attacks-universities-back-online-after-zero-day-infections/

Mexican Government Believed to be Targeting Journalists and Others with Spyware
(June 19, 2017)

Google Play Adware
(June 16, 2017)

Google Play is working to remove annoying and malicious Android apps that bombard users with advertisements. Researchers from SophosLabs say they have found 47 separate apps that have been downloaded as many as six million times. The apps all use a library that displays ads even after users have force-closed the app or even scrubbed memory.
[Editor Comments]
[Neely] The Google anti-malware apps will detect App/MarsDee-A. Google hasn't removed all applications that use this library. With the ongoing battle to discover and remove malicious applications in the Google Play store, use of a reputable Anti-Malware application could save some headaches. SophosLabs describes how MarsDee works, as well as some other potentially unwanted applications: https://nakedsecurity.sophos.com/2017/06/16/the-google-play-adware-apps-that-just-wont-die/
Read more in:
Ars Technica: Google Play is fighting an uphill battle against Android adware https://arstechnica.com/security/2017/06/google-play-is-fighting-an-uphill-battle-against-android-adware/

NIST's Cybersecurity and Risk Management Frameworks
(June 16, 2017)

A recent US presidential executive order directed federal agencies to manage cybersecurity risk with the National Institute of Standards and Technology's (NIST's) Cybersecurity Framework (CSF). Prompted by a 2013 executive order, CSF was introduced in 2014 as a voluntary framework of best practices. There has been some confusion between CSF and NIST's Risk Management Framework (RMF), which was introduced in 2010 and is mandatory for federal agencies and organizations that deal with federal data.
[Editor Comments]
[Neely] The EO is really about mapping what is being done with the mandatory RMF to the CSF. The CSF controls can be implemented with NIST controls. For organizations which have fully implemented the RMF, the gap here is small. The RMF, and corresponding updates to NIST guides, added a lot of prioritization and risk based guidance. The CSF even more so. These together make implementation much simpler than the absolute compliance model of old.
[Murray] Risk management begins with an expression of risk tolerance by executive management. NIST guidance scrupulously avoids any such expression and no one else in government is doing it. A simple such expression might be "Manage such that defalcations or material errors must involve two or more people," but does not speak to timing. A higher but more complex standard might say something like "breaches in sensitive business or public facing applications must be detected and remediated within two weeks." It is meaningless to tell management to manage risk without some measure.
Read more in:
Nextgov: How to Know Which NIST Framework to Use http://www.nextgov.com/technology-news/tech-insider/2017/06/how-know-which-nist-framework-use/138750/?oref=ng-channelriver